BLOG POST

Protect your Wordpress website from getting hacked

Wordpress is a wonderful CMS (Content Management System) that attracts most bloggers and web masters to use it to create websites because of its friendly user interface and the huge number of plugins & templates available.

On average, 30,000 new websites are hacked every day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and so many other reasons.

Is it not safe to use Wordpress?

Wordpress is safe to use but no system in this world is 100% safe. You can make it a lot more safer by following the tips mentioned below.

Tips:

1. Change the URL structure of the admin panel

The URL structure of the wordpress admin panel usually has the part “wp-admin” in it. Hackers explicitly try to find out the wordpress websites with “wp-admin” in the URL to automate attacks on the login page of the admin panel. Changing the URL structure of the wordpress admin panel can avoid an automated target attack from a hacker.

It is shown here on how to change the URL corresponding to the admin panel.

2. Use a strong Password (Always stressed but not universally followed)

A strong password is one which is a mix of atleast 10 upper case, lower case characters, numbers and special characters like @#$%, etc. Don’t forget to change your password frequently atleast once every 3 months.

3. Don’t use admin as User Name

Attackers use too many IPs for dictionary attacks (a way to find the username-password combination when the user name is guessed). The exact number of IPs could be as high as 5 digits which means using the Administrator user name as ‘admin’ is making it easy for the attacker to crack the password. So, do not use admin as the user name any more. Create a new Administrator user name that differs from the regular one which is admin.

So backups make sure that our data can be restored even when our site gets hacked and some data loss occurs. The importance of backing up databases and files can’t be stressed more.

5. Update Wordpress and the plugins you use

Always update your wordpress core and plugins because attackers may find loop holes in the previous versions, as many constantly work to find vulnerabilities and every update may have sorted those issues in the old versions. So, make sure you update the wordpress core and plugins.

6. Delete the unwanted or unused plugins

Very often, we add plugins to add functionalities to our website. We may need the functionality for time-being which makes the use of the plugin temporary. We may forget to update these plugin as they were installed in the past but are of no use to our website at present. This lets the hackers set their sight on some of the most widely used plugins which may not be updated frequently. These plugins can let the hackers exploit the vulnerability on your website that arise because of the plugins. It is always better to delete the plugins that we don't use any more.

7. Make sure you have the complete control

It is vital that you choose the right people to whom you hand the control of your website for moderation, or adding content or functionalities, or changing the look of your website and in any case, try to restrict the permissions you give them so that they don’t have the authorization to access everything unless it is necessary. Once the work you gave them is done, change the login credentials for FTP or admin panel access.

8. Use a strong security plugin

Use a strong security plugin which adds a layer of security to your Wordpress Website such as stopping brute force attacks. iThemes Security (formerly Better WP Security) is a good choice to protect your wordpress website as it gives you over 30+ ways to secure and protect your wordpress site.

These are just a few ways to prevent your wordpress website from getting hacked but it doesn't stop here. There are new vulnerabilities that hackers find every now and then. Keep updating yourself to make sure you stay ahead and your wordpress website stays safe.